봄 응용 프로그램을 바람둥이에서 wildfly로 마이그레이션하려고합니다. 더 이상 로그인 할 수 없습니다. 초기 성공 인증이 손실되거나 덮어 쓰여진 다음 익명 세션이 생성되는 것 같습니다.
봄 보안 : 4.0.1.RELEASE wildfly 8.2.0
갇혀서 알아낼 수 없습니다. 도움이나 제안을 주시면 감사하겠습니다.
감사
다음은 로그에서 발췌 한 내용입니다.
성공적인 인증 :
17:13:43,182 FINE [org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter] (default task-6) Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@fc115a3: Principal: myapp.springSupport.AccountUser@bb94ce99: Username: test1976; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_sysadmin,user; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_sysadmin, user
17:13:43,183 FINE [org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler] (default task-6) Using default Url: /
17:13:43,183 FINE [org.springframework.security.web.DefaultRedirectStrategy] (default task-6) Redirecting to '/myapp/'
17:13:43,183 FINE [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (default task-6) HttpSession being created as SecurityContext is non-default
17:13:43,184 FINE [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (default task-6) SecurityContext 'org.springframework.security.core.context.SecurityContextImpl@fc115a3: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@fc115a3: Principal: myapp.springSupport.AccountUser@bb94ce99: Username: test1976; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_sysadmin,user; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_sysadmin, user' stored to HttpSession: 'io.undertow.servlet.spec.HttpSessionImpl@725caa25
17:13:43,186 FINE [org.springframework.security.web.context.SecurityContextPersistenceFilter] (default task-6) SecurityContextHolder now cleared, as request processing completed
17:13:43,202 FINE [org.springframework.security.web.FilterChainProxy] (default task-9) /index.jsp at position 1 of 13 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
17:13:43,202 FINE [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (default task-9) No HttpSession currently exists
17:13:43,202 FINE [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (default task-9) No SecurityContext was available from the HttpSession: null. A new one will be created.
익명 세션이 생성되는 위치는 다음과 같습니다.
17:13:43,205 FINE [org.springframework.security.web.authentication.AnonymousAuthenticationFilter] (default task-9) Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
17:13:43,205 FINE [org.springframework.security.web.FilterChainProxy] (default task-9) /index.jsp at position 11 of 13 in additional filter chain; firing Filter: 'SessionManagementFilter'
17:13:43,205 FINE [org.springframework.security.web.session.SessionManagementFilter] (default task-9) Requested session ID 4B9EACEB7190B99CC7A1E248D8E4495B is invalid.
17:13:43,205 FINE [org.springframework.security.web.FilterChainProxy] (default task-9) /index.jsp at position 12 of 13 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
17:13:43,206 FINE [org.springframework.security.web.FilterChainProxy] (default task-9) /index.jsp at position 13 of 13 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
17:13:43,206 FINE [org.springframework.security.web.util.matcher.AntPathRequestMatcher] (default task-9) Checking match of request : '/index.jsp'; against '/srv/private/**'
17:13:43,206 FINE [org.springframework.security.web.access.intercept.FilterSecurityInterceptor] (default task-9) Public object - authentication not attempted
17:13:43,206 FINE [org.springframework.security.web.FilterChainProxy] (default task-9) /index.jsp reached end of additional filter chain; proceeding with original chain
17:13:43,207 FINE [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (default task-9) SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
17:13:43,207 FINE [org.springframework.security.web.access.ExceptionTranslationFilter] (default task-9) Chain processed normally
17:13:43,207 FINE [org.springframework.security.web.context.SecurityContextPersistenceFilter] (default task-9) SecurityContextHolder now cleared, as request processing completed
17:13:43,211 FINE [org.springframework.security.web.FilterChainProxy] (default task-12) /srv/home at position 1 of 13 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
17:13:43,211 FINE [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (default task-12) No HttpSession currently exists
17:13:43,211 FINE [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (default task-12) No SecurityContext was available from the HttpSession: null. A new one will be created.
내 봄 보안 구성 :
<security:http auto-config="true">
<security:intercept-url pattern="/srv/private/**"
access="hasAuthority('user')"/>
<!-- enable csrf protection -->
<security:csrf disabled="true"/>
</security:http>
Sooooo, 나는 손잡이에 약간의 느낌이 든다.
파이어 폭스가 아닌 크롬을 사용할 때이 문제가 발생하지 않는 것으로 나타났습니다.
Firefox는 JSESSIONID를 변경했습니다.
이것은 우분투를 업그레이드하기 위해 너무 바빠서 매우 오래된 Firefox 브라우저를 사용하고 있기 때문입니다.
내가 손잡이처럼 느껴진다 고 말 했나요?
이 기사는 인터넷에서 수집됩니다. 재 인쇄 할 때 출처를 알려주십시오.
침해가 발생한 경우 연락 주시기 바랍니다[email protected] 삭제
몇 마디 만하겠습니다